Stratfor Hack Highlights Anonymous Weakness

6 Jan 2012 by Alice Cullen

The massive Christmas Eve hack on private intelligence firm Stratfor has not only exposed weaknesses within Stratfor but also in the hack’s alleged perpetrators: Anonymous.

The renowned hactivist group, along with AntiSec partners in crime LulzSec, shot into the limelight in 2011 and were responsible for attacks on Sony, AT&T, the Serious Organised Crime Agency and News International.

The group has a ‘simple’ concept – no leadership. Anonymous is a decentralised online community acting in a coordinated manner, anonymously. By its very nature this means that anyone could call themselves ‘Anonymous’ and this is where the Stratfor hack comes in.

The hack into the private intelligence firm seemed like any other AntiSec hack; Twitter announcement, samples of stolen material posted online along with taunts about the poor security measures that the global intelligence company had in place.

More than 2.5 million emails, internal documents, and a client list including passwords and credit card details allegedly stolen during the hack were posted online – supposedly totalling a massive 200 gigabytes of stolen information.

The hacker who carried out the attack, Sabu, who often speaks for the AntiSec, posted this message explaining the attack: “We are #antisec. We hack and expose security experts who are part of an industry hell-bent on scamming governments and users out of billions.”

When the hacker’s claimed that some of the credit cards had been used to donate between $500,000 and $1 million to charity, and that four of Stratfor’s servers – including backups – had been wiped (typically non-Anonymous hack characteristics), people began to question whether this was an Anonymous attack or not.

Anonymous released a press release at Christmas stating: “Hackers claiming to be Anonymous have distorted this truth [about Stratfor’s role] in order to further their hidden agenda.

“Sabu and his crew are nothing more than opportunistic attention wh*res who are possibly agent provocateurs.”

This began an intense spat with the Stratfor hackers who retorted: “Anyone can claim to be Anonymous, but because of the inherent decentralised nature of Anonymous, without central top-down leadership, no individual is in place to speak to the legitimacy of another individual or group’s operation.”

The wiping clean of four of the companies servers has led many analysts to question whether the attack could have been carried out by a rival company hiding behind the Anonymous mask to cause as much disruption as possible and destroy the reputation of one of their competitors.

It has also been asked; if it was an Anonymous hack, why not target a politically relevant security company like Hakluyt or Aegis?

The Stratfor hack has thrust Anonymous into the limelight not for a notable attack, but rather calling into question the philosophy of the organisation. Having no centralised censor has left the gates wide-open for misuse of the Anonymous ‘brand’.

As for the Stratfor attack – was it really a true Anonymous hack? That depends on how you define ‘Anonymous’.